Nice rundown of how to use >uf to suss your way through functions. Useful.


I'm busy at the moment but hope to get to doing more to learn all the advantages of WinDbg. I've been looking at Control Flow Guard (CFG) lately.

https://docs.microsoft.com/en-us/windows/desktop/secbp/control-flow-guard

Code:
What is Control Flow Guard?

Control Flow Guard (CFG) is a highly-optimized platform security feature that was created to combat memory corruption vulnerabilities. 
By placing tight restrictions on where an application can execute code from, it makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows.
 CFG extends previous exploit mitigation technologies such as /GS, DEP, and ASLR.

and this WinDbg extension

https://github.com/JKornev/cfgdump

Code:
cfgdump

 WinDbg extension that allows you to analyze the Control Flow Guard map

 !cfgcover - prints memory map that is covered by CFG map and shows which regions are protected by CFG bits
 !cfgrange <address> <size> - prints CFG bits for specified address range
 !cfgdump - prints all CFG bits for whole address space
 !cfgmap - prints available CFG maps

I'm trying to rebuild it from source since it doesn't work as written on my system. I've gotten to the stage where I need to look at memory regions in WinDbg to sort out access and locations. So that's why I'm playing with WinDbg lately.

This thread should be split at some point if it goes off topic.